DOI: 10.1145/2660267.2660277

Optimal Average-Complexity Ideal-Security Order-Preserving Encryption

Published: 03 November 2014

Abstract

Order-preserving encryption enables performing many classes of queries -- including range queries -- on encrypted databases. Popa et al. recently presented an ideal-secure order-preserving encryption (or encoding) scheme, but their cost of insertions (encryption) is very high. In this paper we present an also ideal-secure, but significantly more efficient order-preserving encryption scheme. Our scheme is inspired by Reed's referenced work on the average height of random binary search trees. We show that our scheme improves the average communication complexity from O(n log n) to O(n) under uniform distribution. Our scheme also integrates efficiently with adjustable encryption as used in CryptDB. In our experiments for database inserts we achieve a performance increase of up to 81% in LANs and 95% in WANs.

References

[1] http://www.ciphercloud.com/.
[2] http://www.vaultive.com/.
[3] https://www.cs.cmu.edu/~enron/enron_mail_20110402.tgz.
[4] D. Abadi, S. Madden, and M. Ferreira. Integrating compression and execution in column-oriented database systems. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2006.
[5] D. Agrawal, A. El Abbadi, F. Emekçi, and A. Metwally. Database management as a service: challenges and opportunities. In Proceedings of the 25th International Conference on Data Engineering, ICDE, 2009.
[6] R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order preserving encryption for numeric data. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2004.
[7] C. Binnig, S. Hildenbrand, and F. Farber. Dictionary-based order-preserving string compression for main memory column stores. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2009.
[8] A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill. Order-preserving symmetric encryption. In Proceedings of the 28th International Conference on Advances in Cryptology, EUROCRYPT, 2009.
[9] A. Boldyreva, N. Chenette, and A. O'Neill. Order-preserving encryption revisited: improved security analysis and alternative solutions. In Proceedings of the 31st International Conference on Advances in Cryptology, CRYPTO, 2011.
[10] D. Boneh and B. Waters. Conjunctive, subset, and range queries on encrypted data. In Proceedings of the 4th Theory of Cryptography Conference, TCC, 2007.
[11] D. Cash, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu, and M. Steiner. Highly-scalable searchable symmetric encryption with support for boolean queries. In Proceedings of the 33rd International Conference on Advances in Cryptology, CRYPTO, 2013.
[12] F. Farber, N. May, W. Lehner, P. Große, I. Müller, H. Rauhe, and J. Dees. The SAP HANA database -- an architecture overview. IEEE Data Engineering Bulletin, 35(1):28--33, 2012.
[13] C. Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings of the Symposium on Theory of Computing, STOC, 2009.
[14] S. Goldwasser, Y. T. Kalai, R. A. Popa, V. Vaikuntanathan, and N. Zeldovich. Reusable garbled circuits and succinct functional encryption. In Proceedings of the Symposium on Theory of Computing, STOC, 2013.
[15] H. Hacigümüs, B. R. Iyer, C. Li, and S. Mehrotra. Executing sql over encrypted data in the database-service-provider model. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2002.
[16] H. Hacigümüs, S. Mehrotra, and B. R. Iyer. Providing database as a service. In Proceedings of the 18th International Conference on Data Engineering, ICDE, 2002.
[17] S. Hildenbrand, D. Kossmann, T. Sanamrad, C. Binnig, F. Färber, and J. Wöhler. Query processing on encrypted data in the cloud. Technical Report 735, Department of Computer Science, ETH Zurich, 2011.
[18] M. Islam, M. Kuzu, and M. Kantarcioglu. Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In Proceedings of the 19th Network and Distributed System Security Symposium, NDSS, 2012.
[19] H. Kadhem, T. Amagasa, and H. Kitagawa. Mv-opes: multivalued-order preserving encryption scheme: a novel scheme for encrypting integer value to many different values. IEICE Transactions on Information and Systems, E93.D:2520--2533, 2010.
[20] H. Kadhem, T. Amagasa, and H. Kitagawa. A secure and efficient order preserving encryption scheme for relational databases. In Proceedings of the International Conference on Knowledge Management and Information Sharing, KMIS, 2010.
[21] J. Katz, A. Sahai, and B. Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Advances in Cryptology, EUROCRYPT, 2008.
[22] B. Klimt and Y. Yang. The enron corpus: a new dataset for email classification research. In Proceedings of the 15th European Conference on Machine Learning, ECML, 2004.
[23] S. Lee, T.-J. Park, D. Lee, T. Nam, and S. Kim. Chaotic order preserving encryption for efficient and secure queries on databases. IEICE Transactions on Information and Systems, E92.D:2207--2217, 2009.
[24] C. Liu, L. Zhu, M. Wang, and Y.-a. Tan. Search pattern leakage in searchable encryption: attacks and new constructions. Technical Report 163, IACR Cryptology ePrint Archive, 2013.
[25] D. Liu and S. Wang. Programmable order-preserving secure index for encrypted database query. In Proceedings of the 5th International Conference on Cloud Computing, CLOUD, 2012.
[26] D. Liu and S. Wang. Nonlinear order preserving index for encrypted database query in service cloud environments. Concurrency and Computation: Practice and Experience, 25(13):1967--1984, 2013.
[27] Y. Lu. Privacy-preserving logarithmic-time search on encrypted data in cloud. In Proceedings of the 19th Network and Distributed System Security Symposium, NDSS, 2012.
[28] G. Özsoyoglu, D. A. Singer, and S. S. Chung. Anti-tamper databases: querying encrypted databases. In Proceedings of the 17th Conference on Data and Application Security, DBSEC, 2003.
[29] P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 18th International Conference on Advances in Cryptology, EUROCRYPT, 1999.
[30] H. Plattner. A common database approach for oltp and olap using an in-memory column database. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2009.
[31] S. C. Pohlig and M. E. Hellman. An improved algorithm for computing logarithms over gf(p) and its cryptographic significance. IEEE Transactions on Information Theory, 24(1):106--110, 1978.
[32] R. A. Popa, F. H. Li, and N. Zeldovich. An ideal-security protocol for order-preserving encoding. In 34th IEEE Symposium on Security and Privacy, S&P, 2013.
[33] R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. Cryptdb: protecting confidentiality with encrypted query processing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles, SOSP, 2011.
[34] B. Reed. The height of a random binary search tree. Journal of the ACM, 50(3):306--332, 2003.
[35] E. Shi, J. Bethencourt, H. T.-H. Chan, D. X. Song, and A. Perrig. Multi-dimensional range query over encrypted data. In Proceedings of the 2007 Symposium on Security and Privacy, S&P, 2007.
[36] M. Stonebraker, D. J. Abadi, A. Batkin, X. Chen, M. Cherniack, M. Ferreira, E. Lau, A. Lin, S. Madden, E. O'Neil, P. O'Neil, A. Rasin, N. Tran, and S. Zdonik. C-store: a column-oriented dbms. In Proceedings of the 31st International Conference on Very Large Data Bases, VLDB, 2005.
[37] L. Xiao, O. Bastani, and I.-L. Yen. Security analysis for order preserving encryption schemes. Technical Report UTDCS-01--12, Department of Computer Science, University of Texas Dallas, 2012.
[38] L. Xiao and I.-L. Yen. A note for the ideal order-preserving encryption object and generalized order-preserving encryption. Technical Report 350, IACR Cryptology ePrint Archive, 2012.
[39] L. Xiao, I.-L. Yen, and D. T. Huynh. Extending order preserving encryption for multi-user systems. Technical Report 192, IACR Cryptology ePrint Archive, 2012.
[40] A. C.-C. Yao. Protocols for secure computations (extended abstract). In Proceedings of the 23rd Symposium on Foundations of Computer Science, FOCS, 1982.
[41] A. C.-C. Yao. How to generate and exchange secrets (extended abstract). In Proceedings of the 27th Symposium on Foundations of Computer Science, FOCS, 1986.
[42] D. H. Yum, D. S. Kim, J. S. Kim, P. J. Lee, and S. J. Hong. Order-preserving encryption for non-uniformly distributed plaintexts. In Proceedings of the 12th International Workshop on Information Security Applications, WISA, 2011.
[43] M. Zukowski, P. A. Boncz, N. Nes, and S. Héman. Monetdb/x100 - a dbms in the cpu cache. IEEE Data Engineering Bulletin, 28(2):17--22, 2005.
[44] M. Zukowski, S. Heman, N. Nes, and P. Boncz. Super-scalar ram-cpu cache compression. In Proceedings of the 22nd International Conference on Data Engineering, ICDE, 2006.

Published In

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. adjustable encryption
  2. efficiency
  3. ideal security
  4. in-memory column database
  5. indistinguishability
  6. order-preserving encryption

Qualifiers

  • Research-article

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
